-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sign: IsImageSigned() #39
Conversation
This commit adds a function to check if an image reference is signed. As some of the image verification methods are still hidden behind the cosign API, we need to check for image signatures to decide if verification is needed or not. Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Add iunit test for IsImageSigned() method, checks to ensure if image is signed, not signed and error. Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cpanato, puerco The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Thit PR introduces a new method to the signer object
IsImageSigned()
which returns a bool indicating if an image reference has signatures attached to it.This is needed because we need to know if images are signed before triggering image verification on a reference.
Needed for verifying images in the container image promoter: kubernetes-sigs/promo-tools#498
Related to
kubernetes/release#2383
kubernetes/release#2227
/cc @saschagrunert @cpanato @xmudrii @PushkarJ @palnabarun